> > In order to avoid having to remember multiple usernames/passwords for
> > different systems, is it possible for ELOG to use external authentication
> > via Active Directory, etc?
>
> Not yet.

I would note that this is a request that comes in fairly frequently, but to
Stephan's credit (and looking back at previous comments) the task of trying to
implement authentication that would *not* be a maintenance nightmare basically
pushes such a request down to the bottom of the list.

The only common denominator that could possibly cover all contingencies would
be LDAP authentication. One way of doing this in a more-or-less universal
fashion is to offload the auth task from eLog itself and place the burden on
Apache. This means figuring out how to get Apache to pass auth info to eLog
when eLog operates behind Apache. In the end, anything that can use LDAP as an
authentication mechanism (like AD) can host eLog - as long as eLog can glom off
of Apache's ability to do the actual authenticating.

For our twiki (source from twiki.org) website, we use the following config:

-- In Apache httpd.conf

LoadModule auth_ldap_module libexec/auth_ldap.so
AddModule auth_ldap.c
AccessFileName .htaccess
# Twiki
Include /proj/www/twiki/conf/httpd.conf

-- The httpd.conf in the Twiki directory

<VirtualHost *>
    DocumentRoot "/proj/www/twiki/html"
    ServerName twiki
    ErrorLog error_log
    CustomLog access_log combined
    <Directory "/proj/www/twiki/html/bin/">
        Options +ExecCGI
        allow from all
        AllowOverride Authconfig FileInfo Indexes Limit Options
    </Directory>
    # Everything under /bin requires a user that authenticates against LDAP
    <Location /bin>
        Options +ExecCGI
        AuthType Basic
        AuthName CoreID
        AuthLDAPURL ldap://ldap.co.com:389/ou=People,ou=Intranet,dc=co,dc=com?uid?sub?(objectClass=*)
        require valid-user
        allow from all
        # Refuse the OPTIONS method outright
        <Limit OPTIONS>
            Order Deny,Allow
            Deny from all
        </Limit>
    </Location>
</VirtualHost>

--- Then the DocumentRoot ("/proj/www/twiki/html") has a '.htaccess' file with
the following:

RedirectPermanent / http://twiki.co.com/bin/view.cgi

--- Also in the /bin directory we have:

Redirect http://twiki.sps.mot.com/index.html http://twiki.sps.mot.com/bin/view.cgi
AuthType Basic
AuthName "LDAP Login"
AuthLDAPURL ldap://ldap.co.com:389/ou=People,ou=Intranet,dc=co,dc=com?uid?sub?(objectClass=*)
SetHandler cgi-script
ErrorDocument 401 /bin/oops.cgi/TWiki/TWikiRegistration?template=oopsauth
<Files ~ "[^/]*\.html$">
    SetHandler blabla
    allow from all
</Files>
<Files "*">
    require valid-user
    allow from all
</Files>
-------------------------
Whether this is at all relevant, well . . . .
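
An added example, not part of the original post: a Python check that parses the AuthLDAPURL from the configuration above and reports where credentials are exposed when AuthType Basic is paired with a plain ldap:// URL. The function names and finding labels are made up for this illustration, and the site scheme is taken from the http:// redirect target in the post.

```python
from urllib.parse import unquote

# AuthLDAPURL value and site scheme as they appear in the post's configuration.
POST_LDAP_URL = ("ldap://ldap.co.com:389/ou=People,ou=Intranet,dc=co,dc=com"
                 "?uid?sub?(objectClass=*)")
POST_SITE_SCHEME = "http"

def parse_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter (hypothetical helper)."""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")  # hostnames and IPv4 only
    fields = [unquote(f) for f in tail.split("?")] + [""] * 3
    base, attr, scope, filt = fields[:4]
    return {
        "scheme": scheme,
        "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "base": base,
        # Defaults documented for Apache's LDAP auth modules when a field is empty.
        "attribute": attr or "uid",
        "scope": scope or "sub",
        "filter": filt or "(objectClass=*)",
    }

def audit(url, site_scheme):
    """Return (parsed URL, findings) for an AuthType Basic + AuthLDAPURL setup."""
    u = parse_ldap_url(url)
    findings = []
    if u["scheme"] == "ldap":
        findings.append(("ldap-cleartext", "password bind to %s:%d is unencrypted "
                         "unless StartTLS is enabled separately" % (u["host"], u["port"])))
    if site_scheme != "https":
        findings.append(("basic-over-http", "Basic credentials are only "
                         "base64-encoded on every request; serve the site over TLS"))
    if u["filter"].replace(" ", "") == "(objectClass=*)":
        findings.append(("open-filter", "with 'require valid-user', every entry "
                         "under %s that can bind is admitted" % u["base"]))
    return u, findings

if __name__ == "__main__":
    parsed, found = audit(POST_LDAP_URL, POST_SITE_SCHEME)
    print(parsed)
    for code, message in found:
        print("%-16s %s" % (code, message))
```

Run against the values in the post, it reports all three findings; an ldaps:// URL with a group-restricting filter on an https site reports none.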